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Abstract

   This document updates RFC 5480 to specify semantics for the
   keyEncipherment and dataEncipherment key usage bits when used in
   certificates that support Elliptic Curve Cryptography.
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1.  Introduction

   [RFC5480] specifies the syntax and semantics for the Subject Public
   Key Information field in certificates that support Elliptic Curve
   Cryptography.  As part of these semantics, it defines what
   combinations are permissible for the values of the key usage
   extension [RFC5280].  [RFC5480] specifies 7 of the 9 values; it makes
   no mention of the keyEncipherment and dataEncipherment key usage
   bits.  This document corrects this omission by updating Section 3 of
   [RFC5480] to make it clear that neither keyEncipherment nor the
   dataEncipherment key usage bits are set for key agreement algorithms
   defined therein.  The additions are to be made to the end of
   Section 3 of [RFC5480].

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and
   "OPTIONAL" in this document are to be interpreted as described in
   BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all
   capitals, as shown here.

3.  Updates to Section 3

   If the keyUsage extension is present in a certificate that indicates
   id-ecPublicKey in SubjectPublicKeyInfo, then the following values
   MUST NOT be present:

      keyEncipherment; and
      dataEncipherment.

   If the keyUsage extension is present in a certificate that indicates
   id-ecDH or id-ecMQV in SubjectPublicKeyInfo, then the following
   values also MUST NOT be present:

      keyEncipherment; and
      dataEncipherment.

4.  Security Considerations

   This document introduces no new security considerations beyond those
   found in [RFC5480].

5.  IANA Considerations

   This document has no IANA actions.

6.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119,
              DOI 10.17487/RFC2119, March 1997,
              <https://www.rfc-editor.org/info/rfc2119>.

   [RFC5280]  Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
              Housley, R., and W. Polk, "Internet X.509 Public Key
              Infrastructure Certificate and Certificate Revocation List
              (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008,
              <https://www.rfc-editor.org/info/rfc5280>.

   [RFC5480]  Turner, S., Brown, D., Yiu, K., Housley, R., and T. Polk,
              "Elliptic Curve Cryptography Subject Public Key
              Information", RFC 5480, DOI 10.17487/RFC5480, March 2009,
              <https://www.rfc-editor.org/info/rfc5480>.

   [RFC8174]  Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
              2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
              May 2017, <https://www.rfc-editor.org/info/rfc8174>.

Authors' Addresses

   Tadahiko Ito
   SECOM CO., LTD.

   Email: tadahiko.ito.public@gmail.com


   Sean Turner
   sn3rd

   Email: sean@sn3rd.com
